FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Vulnerablitiy in HWP document filter

Affected packages
libreoffice < 4.3.7
apache-openoffice < 4.1.1_9
apache-openoffice-devel < 4.2.1677190,3

Details

VuXML ID b13af778-f4fc-11e4-a95d-ac9e174be3af
Discovery 2015-04-27
Entry 2015-05-07

US-CERT/NIST reports:

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

References

CVE Name CVE-2015-1774
URL http://www.openoffice.org/security/cves/CVE-2015-1774.html
URL https://www.libreoffice.org/about-us/security/advisories/cve-2015-1774/